Pi-hole not working

Expected Behaviour:

The Pi-hole is supposed to show everything under query log, and it should block adds, and domains that are blackblisted.
I am running Ubunto on an old HP pavilion laptop with i5 2nd gen.
I did manually add the DNS to all of my devices and on top of that I added it to the router so all devices will use it.
The picture below shows the settings on my TP-Link router AX1500:

Actual Behaviour:

The query doe not show everything that is happening especially not from my PC. On top of that I tried adding domains to black list and I can still access them. I tried blocking msn.com and I can access it on all of my devices.

I tried reinstalling Ubunto and Pi-hole several times and the same issue persists.

Debug Token: https://tricorder.pi-hole.net/UmMycI81/

It may be that your browser does see msn.com blocked but then "helpfully" tries www.msn.com which is not blocked by your rule, and the site loads.

Delete the blacklist rule and re-add it but this time also ticking the "Add domain as wildcard" box. That will block not just msn.com but all its subdomains such as www.msn.com.

wildcard

With that new msn.com block in place, what is the output of the following commands?

nslookup pi.hole
nslookup msn.com
nslookup flurry.com

and what happens when you try to access msn.com in your browser, does it work or is it blocked?

I found msn.com to be an awkward site – it appears to do some kind of messing around to load via a content delivery network even when it's blocked. I could block the site in Firefox but not in Safari, even when the command above (and Pi-hole's Query Log) showed it was blocked. There are ways to try deal with that but it would distract from whether or not Pi-hole is working here.

Instead you could try the same processes but with a different domain. The bottom line – show that Pi-hole is in use and blocking domains.

Well I did try that also did not work, it is not msn.com that is the problem, msn was just an example.
I tried many edge, chrome, firefox, and tried different devices, msn works on all. Pihole itself is not working properly.
This is how it looks like in pihole:


And yes msn still works.

Here is what I got:
image
I really have no idea what those show.

All those nslookup commands show you are using Google's servers for DNS lookup, not Pihole. 8.8.8.8 is Google's public DNS server.

How do I change them to the pihole then instead.

The previous answer was from the Pihole device on Ubunto, When I ran it on my PC, here is what I see.
image

You should set Pi-hole as secondary DNS as well. Currently, your router advertises itself as DNS server too.

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   * Received 300 bytes from eno1:192.168.0.1
     Offered IP address: 192.168.0.170
     Server IP address: 192.168.0.1
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.0.1
      lease-time: Infinite
      netmask: 255.255.255.0
      broadcast: 192.168.0.255
      dns-server: 192.168.0.170
      dns-server: 192.168.0.1
      router: 192.168.0.1

Sorry I should have been clearer that I meant to run those on a computer which is using Pi-hole. It's okay for Pi-hole itself to be using an external DNS provider (such as Google 8.8.8.8), and in fact a good idea because it means if Pi-hole breaks then it still has a working DNS to use in order to try and fix itself.

On your computer it shows that Pi-hole is answering queries because it recognises the domain pi.hole. However msn.com should be blocked (because of your rule) and flurry.com should be blocked (because its on the default adlist) and so both should be returning 0.0.0.0, but you can see they are both returning IP addresses.

This implies Pi-hole is disabled, perhaps temporarily via the sidebar menu, perhaps as part of some testing you did?

Your debug log will help staff get to the bottom of it.

Please generate a new debug token - to old one still has msn.com as exact blacklisted domain.

https://tricorder.pi-hole.net/UmMycI81/

I had done that before and did not change the results, I did it also now I think it should show in the new debug log

Your new debug token shows Pi-hole is active and working (blocking) as it should.
Your screenshot from your PC look suspicious as nothing is blocked there. Do you run any software on that machine that could interfere with DNS? Some anti-virus, anti-malware software? Avast real site?

I do have Avast on my PC, but the thing is on all my devices Pihole is not blocking, other devices are iPhone, ipad, Samsuns S20FE, and a macbook. So on the other devices I do not have any antivirus.

For completeness, what happens when you try the following commands in the Pi-hole Linux terminal:

dig @127.0.0.1 flurry.com +short
nslookup flurry.com
nslookup flurry.com localhost

And then what do you get when you try the following commands from your Windows terminal:

nslookup flurry.com
nslookup flurry.com 192.168.0.170

Note you can right-click the Windows terminal afterwards and select Mark and then drag the area to copy and press Enter to copy the text, and paste that directly in here, rather than have to do a screenshot.

Are you sure your PC is using the DNS servers configured on your router?

Sometimes you need to renew the DHCP lease before the changes take effect.

On the same screen (below the items on the image), there should be a section called "DHCP Client List".
Do you see your PC there? do you see all other devices there?

Here is what I get for the first command on the Pi-hole device:

 dig @127.0.0.1 flurry.com +short
nslookup flurry.com
nslookup flurry.com localhost
0.0.0.0
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   flurry.com
Address: 74.6.136.150
Name:   flurry.com
Address: 98.136.103.23
Name:   flurry.com
Address: 212.82.100.150

Server:         localhost
Address:        127.0.0.1#53

Name:   flurry.com
Address: 0.0.0.0
Name:   flurry.com
Address: ::

And this is what I get on my windows PC

 flurry.com
Server:  pi.hole
Address:  192.168.0.170

Non-authoritative answer:
Name:    flurry.com
Addresses:  98.136.103.23
          212.82.100.150
          74.6.136.150


C:\Users\selwa>nslookup flurry.com 192.168.0.170
Server:  pi.hole
Address:  192.168.0.170

Non-authoritative answer:
Name:    flurry.com
Addresses:  98.136.103.23
          212.82.100.150
          74.6.136.150

Yes I do see my PC here in the list it is the one that ends with .201

On top of that I did flush my DNS to make sure my PC is using the Pi-hole DNS and I added it in the network:

And I also made sure I am only using IPv4 as you can see in the second picture:
image

Note: I did make sure the DNS to be set as 192.168.0.170 manually on all my devices just in case the router does not change them.

Try to address your PC issues first.
AVAST Real-Site's DNS feature may force your PC's DNS through their own DNS servers.
That feature should be disabled if you'd want your PC to use Pi-hole.

Also, let's have a look at the DNS servers that your clients are aware of.
Run from your Windows PC, search the output of the following command:

ipconfig /all

We'd just be interested in the few lines of the DNS server section from that output.

1 Like

Well, I have some weird updates. Today when I deactivated the Real Site from avast, the msn.com was blocked and I checked all of my devices and msn.com is being blocked on all of them except my iphone. So what could be happening here, note I checked the ipad to see the difference in the wifi setting and they are both identical with DNS being set manually on 192.168.0.170

Here is the command output:

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-D8MIRA6
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Unknown adapter SecureLine:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Avast SecureLine Wintun Adapter
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
   Physical Address. . . . . . . . . : BLURRED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.201(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 14, 2023 11:02:27 AM
   Lease Expires . . . . . . . . . . : Tuesday, March 14, 2023 3:53:49 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.170
   NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723B Wireless LAN 802.11n USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : BLURRED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : BLURRED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : BLURRED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : BLURRED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

So if you look at your Pihole query logs, do you see queries to msn.com? If so, what are the responses that are logged ("OK," "BLOCKED," etc.)?

Well here is a screenshot of how it looks like from my PC if I am trying to access msn.com.

However in the Querey Log I do not see that I accessed msn.com from my mobile here is a picture of the logs, and I did access msn.com at 18:41 and at 18:43. I do not see the logs alot from my phone. Only sometimes do I see logs.